CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

27960 matches found

GithubExploit•added 2026/03/18 4:29 p.m.•114 views

Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Openssl

🔐 SSH Exploit Tool Educational Use Only 📌 Description Th...

7.8CVSS7AI score0.70721EPSS

Exploits6

Snyk•added 2026/03/18 4:10 p.m.•6 views

Cross-site Scripting (XSS)

Overview @pdfme/schemas is a TypeScript base PDF generator and React base UI. Open source, developed by the community, and completely free to use under the MIT license! Affected versions of this package are vulnerable to Cross-site Scripting XSS via the selectElement.innerHTML method. An attacker...

6.1CVSS5.8AI score

Exploits0References2

GithubExploit•added 2026/03/18 9:59 a.m.•128 views

Exploit for CVE-2026-26801

pdfmake SSRF Vulnerability PoC Vulnerability Summary | Fi...

7.5CVSS5.8AI score0.00481EPSS

Exploits2

NVD•added 2026/03/18 4:17 a.m.•6 views

CVE-2026-31898

jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of arguments of the createAnnotation method allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to the following method, a user can inje...

8.1CVSS0.00275EPSS

Exploits0References4

CVE•added 2026/03/18 3:5 a.m.•14 views

CVE-2026-31938

jsPDF prior to 4.2.1 is vulnerable: unsanitized user input passed to the output method’s options can inject HTML/scripts into the browser context when a PDF is opened. The issue is triggered when an attacker provides values via a web interface, which are forwarded to the victim’s browser and proc...

9.6CVSS5.8AI score0.00244EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/03/18 3:3 a.m.•1 views

CVE-2026-31898 jsPDF has a PDF Object Injection via FreeText color

8.1CVSS5.8AI score0.00275EPSS

Exploits0References4

OSV•added 2026/03/18 3:3 a.m.•2 views

CVE-2026-31898 jsPDF has a PDF Object Injection via FreeText color

8.1CVSS6AI score0.00275EPSS

Exploits0References6

NVD•added 2026/03/18 12:16 a.m.•3 views

CVE-2026-27895

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, the PDF export component does not correctly validate uploaded file extensions. This way any file type including .php files can be uploaded. With...

8.8CVSS0.00419EPSS

Exploits0References3

NVD•added 2026/03/18 12:16 a.m.•5 views

CVE-2026-27894

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF export that allows users to include local PHP files and this way execute code. In combination with...

8.8CVSS0.00371EPSS

Exploits0References3

OSV•added 2026/03/18 12:16 a.m.•3 views

DEBIAN-CVE-2026-27894

8.8CVSS5.9AI score0.00371EPSS

Exploits0References1

OSV•added 2026/03/18 12:16 a.m.•3 views

UBUNTU-CVE-2026-27895

8.8CVSS6.4AI score0.00419EPSS

Exploits0References4

CNNVD•added 2026/03/18 12:0 a.m.•5 views

jsPDF 安全漏洞

jsPDF is a JavaScript-based PDF document generation library developed by Parallax. Versions of jsPDF prior to 4.2.1 contained security vulnerabilities. These vulnerabilities stemmed from the possibility that parameters controlling the createAnnotation method could allow for the injection of...

8.1CVSS5.9AI score0.00275EPSS

Exploits0References5

CNNVD•added 2026/03/18 12:0 a.m.•5 views

jsPDF 跨站脚本漏洞

jsPDF is a JavaScript-based PDF document generation library developed by Parallax. Versions of jsPDF prior to 4.2.1 had a cross-site scripting vulnerability. This vulnerability stemmed from insufficient control over the options parameter of the output function, allowing attackers to inject...

9.6CVSS5.8AI score0.00244EPSS

Exploits0References4

Tenable Nessus•added 2026/03/18 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2026-27894

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, a local file...

8.8CVSS6.1AI score0.00371EPSS

Exploits0References3

FreeBSD•added 2026/03/18 12:0 a.m.•10 views

chromium -- security fixes

Chrome Releases reports: This update includes 26 security fixes: 475877320 Critical CVE-2026-4439: Out of bounds memory access in WebGL. Reported by Goodluck on 2026-01-15 485935305 Critical CVE-2026-4440: Out of bounds read and write in WebGL. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on...

8.8CVSS6.2AI score0.00415EPSS

Exploits1References1

OPENSUSE Linux•added 2026/03/18 12:0 a.m.•6 views

Security update for python-PyPDF2 (moderate)

openSUSE security update: security update for python-pypdf2 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20375-1 Rating: moderate References: bsc1259508 Cross-References: CVE-2026-31826 Affected Products: openSUSE Leap 16.0...

6.8CVSS7.2AI score0.00362EPSS

Exploits0References1